This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.

I have generated a spring project using Roo, and used the security setup addon to add in the spring security. The security works fine on Tomcat 7, but am running into the following problem when trying to deploy to Websphere 7.0.0.19. I'm currently using Spring Security 3.1.0.RELEASE. I've seen other projects use the Spring DelegatingFilterProxy just fine within Websphere. Anybody have any ideas?

Error from StackTrace:

Code:

E org.springframework.web.context.ContextLoader initWebApplicationContext Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration

For others that land on this thread. This was logged as SEC-2034 and determined to be invalid. The cause is that the configuration is being loaded twice (exact reasons still under investigation by the reporter).

Comment

I have found the culprit of the multiple config files loading twice. It has to do with how Spring Roo initially creates the web.xml file - an extra asterisk is added after classpath. I have opened a spring roo ticket here.

When the "web mvc setup" command is run, the web.xml is setup with the following path to the spring context files...

The first asterisk is the culprit for the spring config files (-spring.xml specifically) being picked up multiple times when running on Websphere 7.0.0.19 (The app deploys fine on Tomcat however). After I remove that asterisk, then the application loads fine

Comment

It would appear that you either have the file in your project twice or it is being deployed twice. It appears you are using Eclipse to deploy your project to WAS. One thing that looks weird to me is that the file would normally be something like this:

Can you try building the web application (i.e. converting it to a WAR) and seeing if the resulting war contains the xml file twice? Since you are using Roo I assume it is a Maven project so you can just run mvn clean package to get the war. If the XML file is not in the resulting war twice it is probably an issue with the WAS WTP integration with Eclipse.

It is difficult to say without seeing your pom.xml and your project structure. When I run the Spring Roo vote sample script and then package it with Maven it works properly (i.e. the security file is found in WEB-INF only) so it is likely something that has been modified. I would try the sample and see if that works and then do a diff on your project and the sample to see what is different.

Comment

I have also confirmed the vote sample script does not produce a \META-INF\spring\ folder. Our project was initially started back with Spring Roo 1.1 i believe, and has been upgraded since, so it is likely that over time some config changed on our end. I'm not going to run a diff, but will keep an eye out for this same behavior when we start up a new project.